<?php

namespace App\Http\Middleware;

use Closure;

class CheckSign
{
    /**
     * Handle an incoming request.
     * 验证签名
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        //验证必传参数
        if (!$request->has('appcode','noncer','timestamp','salt','sign','md5')) {
            //缺少参数
            return respF(1000);
        }
        $appcode = md5('bap'); //app code
        $noncer = $request->get('salt'); //随机字符串
        $timestamp = (int)$request->get('timestamp') + 618;
        $sign = $request->get('sign'); //签名
        //计算签名
        $checkSign = sha1($appcode.$noncer.$timestamp);

        if ($checkSign != $sign) {
            //签名错误
            return respF(4001);
        }

        return $next($request);
    }
}
